On the Classification Problem against Adversarial Examples.
Record type: Bibliographic - electronic resource : Monograph/item
Title / Author: On the Classification Problem against Adversarial Examples.
Author: Jang, Wooyeong.
Publisher: Ann Arbor : ProQuest Dissertations & Theses, 2021
Extent: 144 p.
Notes: Source: Dissertations Abstracts International, Volume: 83-03, Section: B.
Contained By: Dissertations Abstracts International 83-03B.
Subject: Computer science.
Electronic resource: http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=28719656
ISBN: 9798538113699
Jang, Wooyeong.
On the Classification Problem against Adversarial Examples.
- Ann Arbor : ProQuest Dissertations & Theses, 2021 - 144 p.
Source: Dissertations Abstracts International, Volume: 83-03, Section: B.
Thesis (Ph.D.)--The University of Wisconsin - Madison, 2021.
This item must not be sold to any third party vendors.
This dissertation explores the problem of robust classification against adversarial examples. While modern classification algorithms achieve high accuracy on innocuous samples, they show significantly lower performance after adding imperceptibly small perturbations, so-called adversarial perturbations, to those innocuous samples. Designing a robust classification against such adversarial examples is a crucial topic in the machine learning community to make machine learning algorithms applicable in real-world situations. To deeply understand adversarial examples, this dissertation delves into two different aspects of this topic: the attack side and the defense side.

On the attack side, we focus on attack algorithms generating adversarial examples for a given classifier. To understand how adversarial perturbations are generated, we design a new gradient descent algorithm, an algorithm that uses the gradient of a given classifier with respect to the input. Based on Newton's method, our algorithm achieves quicker convergence to adversarial points. Also, to reflect human imperceptibility, we propose a new set of metrics that are based on contemporary computer vision techniques. By measuring the performance of various attacks with these metrics, we empirically demonstrate that our new algorithm is comparably effective in fooling a classification algorithm.

On the first part of the defense side, our main goal is to improve the robustness of classification algorithms by reinforcing existing defense strategies. We first start from a well-known formulation of adversarial training by Madry et al. (2017). From a thorough analysis, we figure out that, under various instantiations of the formulation, the confidence of a classifier on its prediction can be exploited as a discriminator between correct classifications and wrong classifications. Based on this result, we propose a framework that reinforces the adversarial robustness of a given base classifier and experimentally estimate the performance of the framework to support our analysis.

On the second part of the defense side, we change our focus to another defense strategy that makes use of the manifold assumption. In this manifold-based defense, classification is made after a given sample is "pulled back" into the data manifold. The data manifold is usually approximated by generative models; however, most of those generative models are ignorant of the geometry/topology of the data manifold. We propose a topology-aware training method for generative models, such that the distribution of generative models can reflect the prior knowledge on topological information of the data manifold. We empirically verified that, after applying the new training, the distribution of generative model outputs reflects the topology of the data manifold. Also, experiments show that the performance of manifold-based defense can be improved when generative models are trained with topology-aware training.
ISBN: 9798538113699
Subjects--Topical Terms: 523869 Computer science.
Subjects--Index Terms: Adversarial machine learning
LDR :03970nmm a2200313 4500
001 2348649
005 20220912135627.5
008 241004s2021 ||||||||||||||||| ||eng d
020 $a 9798538113699
035 $a (MiAaPQ)AAI28719656
035 $a AAI28719656
040 $a MiAaPQ $c MiAaPQ
100 1 $a Jang, Wooyeong. $3 3688018
245 1 0 $a On the Classification Problem against Adversarial Examples.
260 1 $a Ann Arbor : $b ProQuest Dissertations & Theses, $c 2021
300 $a 144 p.
500 $a Source: Dissertations Abstracts International, Volume: 83-03, Section: B.
500 $a Advisor: Jha, Somesh.
502 $a Thesis (Ph.D.)--The University of Wisconsin - Madison, 2021.
506 $a This item must not be sold to any third party vendors.
590 $a School code: 0262.
650 4 $a Computer science. $3 523869
650 4 $a Street signs. $3 3688019
650 4 $a Neural networks. $3 677449
650 4 $a Probability. $3 518898
650 4 $a Methods. $3 3560391
650 4 $a Algorithms. $3 536374
650 4 $a Probability distribution. $3 3562293
650 4 $a Competition. $3 537031
650 4 $a Artificial intelligence. $3 516317
653 $a Adversarial machine learning
690 $a 0984
690 $a 0800
710 2 $a The University of Wisconsin - Madison. $b Computer Sciences. $3 2099760
773 0 $t Dissertations Abstracts International $g 83-03B.
790 $a 0262
791 $a Ph.D.
792 $a 2021
793 $a English
856 4 0 $u http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=28719656
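Holdings:
Barcode: W9471087
Location: Electronic resource
Circulation category: 11. Online viewing_V
Material type: E-book
Call number: EB
Use type: Normal
Loan status: On shelf
Reservation status: 0
Notes:
Attachments: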